I'm trying to replace CORS policy URL between my cluster overlays. My base VS is as follows, but I run into an error I don't understand.
- path: vs-patch.yaml
target:
group: networking.istio.io
version: v1beta1
kind: VirtualService
name: test-vs
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: test-vs
spec:
gateways:
- istio-ingress/gw
hosts:
- test
http:
- name: primary
retries:
attempts: 3
perTryTimeout: 100s
retryOn: gateway-error,connect-failure,refused-stream
route:
- destination:
host: test-stable
port:
number: 80
weight: 100
headers:
response:
set:
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: "no-store, private"
X-Frame-Options: 'DENY'
X-Content-type-Options: 'nosniff'
X-XSS-Protection: '1; mode=block'
Content-Security-Policy: "default-src 'self' https: ws: data: 'unsafe-inline' ; frame-ancestors 'none';"
istioVs: "test-service"
remove:
- x-envoy-upstream-service-time
- server
- Pragma
# Our second destination matches the second service in our "service.yaml"
- destination:
host: test-canary
port:
number: 80
weight: 0
headers:
response:
set:
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: "no-store, private"
X-Frame-Options: 'DENY'
X-Content-type-Options: 'nosniff'
X-XSS-Protection: '1; mode=block'
Content-Security-Policy: "default-src 'self' https: ws: data: 'unsafe-inline' ; frame-ancestors 'none';"
remove:
- x-envoy-upstream-service-time
- server
- Pragma
corsPolicy:
allowOrigins:
- regex: (https://)(.*)(example.com)
allowMethods:
- POST
- GET
- OPTIONS
allowCredentials: true
allowHeaders:
- accept
- authorization
- content-type
- x-correlation-id
maxAge: "24h"
- op: replace
path: /spec/http/0/corsPolicy
value: |
allowOrigins:
- regex: (https://)(.*)(example2.com)
I get an error: for: "apps/app/test/overlays/cluster1": error when patching "apps/app/test/overlays/cluster1": VirtualService.networking.istio.io "test-vs" is invalid: spec.http[0].corsPolicy: Invalid value: "string": spec.http[0].corsPolicy in body must be of type object: "string"
What is the correct Kustomize path and value?
value: | value:
I tried pulling in the entire directive, but really I just need the array to add regex.